412483d8630f27d160d9baf8f9d2b4deeb510d0f351ce684e7c0619d26f1cc29

General

Target: 412483d8630f27d160d9baf8f9d2b4deeb510d0f351ce684e7c0619d26f1cc29
Size: 5MB
Sample: 220508-t2mjgacch2
Score: 10/10
MD5: 4c41decf8b08f8d5bb5445cc37a7065b
SHA1: 2c60eb30ac92c79746bf6cc75d718726031926b5
SHA256: 412483d8630f27d160d9baf8f9d2b4deeb510d0f351ce684e7c0619d26f1cc29
SHA512: 945860033f9909d54432e99b8376f6c723e9d4561db82b367bbd73171b06634011beb4539e8f83b91b6ffcd046e9b402aa7fc7fea7c22486746cb994f555a816

Signatures

  • Bazar Loader
    Description: Detected loader normally used to deploy BazarBackdoor malware.

  • Bazar/Team9 Loader payload

  • Tries to connect to .bazar domain
    Description: Attempts to look up or connect to a .bazar domain, used by BazarBackdoor, Trickbot, and potentially others.

  • Unexpected DNS network traffic destination
    Description: Network traffic on the DNS port to servers other than the configured DNS servers was detected.

MITRE ATT&CK Matrix

Tactic columns shown: Collection, Command and Control, Credential Access, Defense Evasion, Discovery, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation.
Tasks

  • static1
  • behavioral1: 10/10
  • behavioral2: 10/10